0

I would like to get instances from netstat -anob like

   Proto  Local Address        Foreign Address             State           PID  
    TCP      0.0.0.0:135         0.0.0.0:0                 LISTENING       976  
    RpcSs [svchost.exe]  
    TCP      0.0.0.0:2030        0.0.0.0:0                 LISTENING       2256
    [omtsreco.exe]

and keep it in XML format, so the fragment of code like this is not fit for me

set sh = CreateObject("Wscript.Shell")  
call GetConnections()  
Function GetConnections()  
  i = 0  
  set shExec = sh.Exec("netstat -anob")  
   Do While Not shExec.StdOut.AtEndOfStream  
      Wscript.Echo shExec.StdOut.ReadLine()  
  Loop  
End Function

I found that I can get PID and executable from Win32_Process but other instances I have no idea how to get it. I wonder if it possible to use a WMI to fit a command above and I would be appreciated if anyone can guide how to do it.

PS. I have to create it in .vbs extension so WMI would fit for solution if possible.

Regards,

Phamornh

Phamorn Hongsawat
  • 1
  • 1
  • 3

1 Answers1

1

you could use tcpvcon.exe from sysinternals, with the -c parameter it will dislay results in a csv format

PS>.\Tcpvcon.exe -c                                                                                              

TCPView v2.54 - TCP/UDP endpoint viewer                                                                          
Copyright (C) 1998-2009 Mark Russinovich                                                                         
Sysinternals - www.sysinternals.com                                                                              

TCP,[System Process],0,TIME_WAIT,x.y.com:4679,x.y.com:63394    
TCP,[System Process],0,TIME_WAIT,x.y.com:4679,x.y.com:63438    
TCP,putty.exe,7120,CLOSE_WAIT,x.y.com:8080,localhost:62516
Loïc MICHEL
  • 24,935
  • 9
  • 74
  • 103